PT-2025-45419 · Unknown · Newbee-Mall-Plus

Huangweigang

Published

2025-11-07

Updated

2025-11-07

CVE-2025-12854

CVSS v3.1

3.7

Low

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions newbee-mall-plus versions up to 2.4.1

Description A flaw exists in newbee-mall-plus where manipulation of the userid argument within the executeSeckill function, located in the /seckillExecution/ file, can result in authorization bypass. This issue can be exploited remotely and is considered to have high complexity, though exploitability is described as difficult. The exploit is publicly available.

Recommendations Versions prior to 2.4.1 should be updated.

Exploit

Fix

Improper Authorization

IDOR

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-285CWE-639

Related Identifiers

CVE-2025-12854

Affected Products

Newbee-Mall-Plus

PT-2025-45419 · Unknown · Newbee-Mall-Plus

CVE-2025-12854

Weakness Enumeration

Related Identifiers

Affected Products

References · 7